FRAUD IN A MOBILE DIGITAL WORLD

With an increased reliance by consumers on mobile devices to communicate, transact and authenticate, the hot topic of identity theft and mobile fraud has progressed from being merely a niche occurrence to a widespread and global concern for many. The concerns not only stem from banks, retailers and mobile payments providers, but also for mobile service providers too, who are managing their reputation and brand within this problematic industry. There have been many examples of high sensitivity data being used on mobile phones. Email addresses, password safes, text messages, mobile banking, purchases of apps are just some of the kinds of data consumers store on their mobiles. This makes for an incredible opportunity for would-be fraudsters and protecting the integrity of this data is set to dominate mobile fraud prevention efforts in the next five years.

While the data held on mobile devices is becoming more valuable it is also becoming increasingly apparent that no security or encryption can be guaranteed as flawless (past examples include the Open SSL weakness publicised in April 2014 and the iOS 7 security flaw patched in February 2014). Some have been known to potentially expose private security encryption keys to third parties with the loss being untraceable to the user. These sorts of security flaws combined with the inevitable opportunities of compromised employees releasing sensitive data (for instance, the Morrison’s security leak earlier this year) imply that the possibility of fraud is not something that can be entirely designed out of the digital/mobile environment despite the formidable range of encryption and verification technologies available on these platforms.

Competition is a problem?

Consequently, there are a number of challenges in securing the mobile channel against fraud. Advancements in mobile phones mean that the technology they use is becoming more and more powerful, but even so, it is a far less mature environment than a desktop computer which makes this platform far easier to abuse. Unfortunately there isn’t enough collaboration happening in the industry to tackle these issues, meaning it’s very often unclear as to who exactly holds the responsibility for creating better levels of security; the application developer, the phone manufacturer or the network provider?

That said one of the best places to start is with consumers themselves. Building and retaining consumers’ trust is a major problem for the industry and helping users combat identity theft through improved basic education is an important part of that process. Many mobile phone users are still unaware of the potential risks they face every time they use their mobile phones to store information, transact or communicate. But although the industry does have a responsibility to continue educating, all the education in the world is still never realistically going to be enough to cure this problem. Why? Because even when you communicate the potential risks of mobile fraud on a wide scale, some people will still continue to hand over their personal information to pretty much anyone who asks for it. Therefore it is also essential to use advances in technology to ensure that all consumers and businesses are protected from these risks in a way that they can relate to. The technology does already exist to do this, it must be mobile-based, real time and multi-layered in approach so as not to affect the consumer (or customer) experience.

Validate transactions against location

1) Consumers can monitor their transactions and the information held about them by third parties to enable them to determine if fraudsters are misusing their details. Technology must be improved to make this more of an automated warning system as opposed to requiring manual intervention from the consumer. For example, technology is being developed to enable banking transactions to be validated automatically against the customers’ mobile phone location to provide an early alert if customers’ cards are being used in locations where they are not present. This also extends to behavioural monitoring, normal spending patterns and identifying new events that are a-typical. Similarly credit reference agency CallCredit in the UK, now offers consumers a free service to allow customers to check what credit accounts are being opened in their names and warns them of spurious change of address requests.

2) Multi-factor authentication provides an opportunity to make fraud much more difficult for important transactions or communications. Pre-saved passwords are always potentially vulnerable to attack, either by being cracked by brute force methods or by interception techniques. By adding a second factor, for example a time generated number with a common key only known between recipient and transmitter and preferably held on an independent physical device (e.g. a dongle or card reader) makes the value of single passwords much lower.

3) Currently technology companies are moving towards bio-metric authentication – for example Apple and Samsung have both introduced fingerprint recognition to unlock iPhone 5 and Galaxy 5 respectively. While these approaches are still relatively simple (within hours of release activists had demonstrated security problems within Apples’ fingerprint recognition that would allow anyone who can lift a copy of your fingerprint off of a door handle or pane of glass for example, to gain access). Nonetheless as an added level of security it makes life harder for the fraudster – they now need physical access to your fingerprints. Other biometric markers, while more difficult and inconvenient to read, potentially offer higher security as they are not inadvertently left behind (for example iris scanning).

Time to get serious

In the end fraud, and the measures needed to combat it will always evolve, however, in the battle to minimise the chances of large scale digital mobile fraud, diversity and multiple independent forms of authentication offer the very real opportunity of making fraud confined to a relatively small scale problem. In some ways if suppliers converge on a single approach and a single factor the chances of serious problems become magnified as the prize for breaking the system gets bigger to criminals and the consequences more serious for the rest of us.

The future growth of mobile payments in terms of volume (and the resulting fraud risk) is certain. Researchers and analysts are estimating that $670bn mobile payments will have transacted by the end of 2015, but unless the industry starts to take the security of those payments more seriously, the consequences could be disastrous for many.

This website uses cookies We use cookies to enchance your visit and to personalize our content, social media features, ads and to analyze our traffic. You consent to our cookies if you continue to use our website. You can at any time change or withdraw your consent by clicking on show details. Read our Privacy and Cookie Policy to know more.

Accept

Read more

Change Settings

Cookie Box Settings

Cookie Box Settings

Privacy settings

Decide which cookies you want to allow.You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function.Learn more about the cookies we use.

With the slider, you can enable or disable different types of cookies:

Block all

Essentials

Functionality

Analytics

Advertising

This website will:

Essential: Remember your cookie permission setting

Essential: Allow session cookies

Essential: Gather information you input into a contact forms, newsletter and other forms across all pages

Essential: Keep track of what you input in shopping cart

Essential: Authenticate that you are logged into your user account

Essential: Remember language version you selected

This website wont:

Remember your login details

Functionality: Remember social media settings

Functionality: Remember selected region and country

Analytics: Keep track of your visited pages and interaction taken

Analytics: Keep track about your location and region based on your IP number

Analytics: Keep track on the time spent on each page

Analytics: Increase the data quality of the statistics functions

Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies.

Advertising: Gather personally identifiable information such as name and location

This website will:

Essential: Remember your cookie permission setting

Essential: Allow session cookies

Essential: Gather information you input into a contact forms, newsletter and other forms across all pages

Essential: Keep track of what you input in shopping cart

Essential: Authenticate that you are logged into your user account

Essential: Remember language version you selected

Functionality: Remember social media settings

Functionality: Remember selected region and country

This website wont:

Remember your login details

Analytics: Keep track of your visited pages and interaction taken

Analytics: Keep track about your location and region based on your IP number

Analytics: Keep track on the time spent on each page

Analytics: Increase the data quality of the statistics functions

Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies.

Advertising: Gather personally identifiable information such as name and location

This website will:

Essential: Remember your cookie permission setting

Essential: Allow session cookies

Essential: Gather information you input into a contact forms, newsletter and other forms across all pages